Forum OpenACS Q&A: Response to Any contributions to a RH HowTo?

Posted by S. Y. on

As Jon mentioned, if you can't compile a kernel from the source, you're simply not qualified to be administering a production web server. End of discussion. By the time something like Red Hat Linux ships, there's probably a newer kernel out there, often before the CDs hit the store shelves. If you installed RH 6.2 and your kernel is still 2.2.16 (or whatever it was), you're at risk for a security breach.

Essentially any unpatched Linux distribution is bad. The vulnerabilities for every single unpatched version of any major Linux distribution are very well documented. That's the first thing any script kiddie is going to try.

As best as I understand, the guys at Openwall don't even bother releasing their patch until a particular version of the kernel is "safe" (they are conservative): http://www.openwall.com/linux

David, I've mentioned several times that what I write is geared toward people who understand *nix. If I need to type in "a symbolic link (a.k.a. "cloning") is accomplished by typing ln -s ..." then I've mimicked the other 400-page Linux books out there to no avail.

You cannot run a secure and reliable service with the Macintosh "click the continue button to continue" method. Anyone who can recompile their Linux kernel will not need explanation on how to create a symbolic link in a *nix operating system. If you need explanation on how to read a man page, how to use chkconfig to turn off a service, how to check for services that might not be using chkconfig, then you don't understand *nix.

Nothing wrong with that (I was there once myself), but do not expect to be qualified to sysadmin a production web server. Come back in a couple of years.

...you said "dump sendmail" Well this is another thing I want to cover. How to get Webmail with qmail up and running. From the beginning to the end...

David, I don't know anything about webmail, but qmail can be installed following the directions included with the source. Annoyingly, you have to jump from one document to another, but qmail can be installed and tested next to a working sendmail system before pulling the plug. While I don't care for the qmail documentation much, I can't say that I could write anything better.